Internet security and open ports
John0904
06-02-2002, 09:03 PM
Can you tell me what potential risks there are with leaving ports open? Generally speaking.
I understand if the computer has a virus and/or if drives are shared, but other than that is there anything else?
If no virus exists on my computer and if I don't share drives, what else can "hackers" do besides ping my IP address?
Could they possibly flood my IP with pings so much that I couldn't access the internet?
I just don't see the "threat" if they can't access my computer other than having my IP address.
Taken from Zonelabs web site:
Any personal computer connected to the Internet is a potential target. Hackers randomly barrage Internet connected PCs with "pings" or "port scans", probing to find unprotected PCs. Once found, a hacker can compromise your PC with a dangerous Internet threat - Trojan horse, spyware or malicious worm.
How could they "compromise" my computer?
Thank you in advance for any information that you can provide.
YODA74
06-02-2002, 09:48 PM
An open port means a back door. You have a potential problem: leave it open and someone could do some nasty damage by taking over and controlling your computer, and have all the control that you do.
------------------
YODA74@windows-sucks.com
CCMR (http://www.dreamwater.net/tech/yoda74/index.html)
PUSH TO TEST. RELEASE TO DETONATE.
[Closed captioned for the thinking impaired.]
Basically if there is a port open (let's say port 23 -- Telnet) then your computer is waiting for another computer to make a connection to that port. So you are sitting there with 23 open, I fire up HyperTerminal, plug in your IP and then negotiate a connection.....hmmm....you are running Windows...what's this?, Quicken.....hmmm, maybe if I copy your profile I can grab some info.....gee, you have a credit card account listed in there... the number is ####-####-####-####.....hmmm....I need a new (whatever)....while I'm here I might as well drop Back Orifice on your machine...OH your home phone number is ###-###-####...let's see I haven't called my cousin in Singapore lately....
Yeah, Telnet isn't really a good example, because file transfers aren't easy, but you get the general idea. If it were an FTP port open or NetBIOS, or one of the other protocols designed for file sharing, then things could get very interesting. Open ports mean you have something that is wanting to act as a server, and without properly configuring what can be accessed through that port you are asking for trouble. That is why most file sharing apps (like Napster et al) have you set specific folders to be used for uploads.
The threat exists, there are plenty of people that would love to find open ports, and there is plenty they could do with them....
------------------
mjc
Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)
Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.
John0904
06-02-2002, 11:52 PM
So what you are all saying is that a virus doesn't need to be planted in the target's computer?
Just open ports and the "attacker" uses some special program to access my computer?
YES!!!!!
And it doesn't have to really be special software...some ports can be hacked just with a web browser.....
------------------
mjc
Whyzman
06-03-2002, 01:47 AM
And, what is it, mjc, somewhere in the vicinity of 65,000 ports available per computer!?
------------------
May all your dealings in life be win/win!
Whyzman
----------------------
Reserved for Punishing Humor...A Pessimist's blood is always B-negative!
Paleo Pete
06-03-2002, 08:35 AM
"So what you are all saying is that a virus doesn't need to be planted in the targets computer?"
A virus and unauthorized remote access - more commonly known as hacking - are two different things. A virus is a file, just like any other file, say notepad or defrag, but with a malicious executable. Some don't do much more than replicate, others cause major problems.
A virus has to be installed on the target computer to do any damage. You can save most viruses to a folder, never open (execute) the file, and it will usually sit there and do nothing. Once it is opened or executed, it installs itself, and most send themselves to every address in your address book the next time you open your email program.
Unauthorized remote access can be accomplished in different ways. The most common is by planting a file called a backdoor on the target computer, such as Back Orifice. These programs, several are in existence, are very similar to PC Anywhere or Lap Link in that they allow remote access to the computer, but they do it without the knowledge or permission of the target computer's owner.
Yes, in most cases a file must be planted on the target computer, but it is possible without doing so, just more difficult. The files are planted by different means - email, Javascript, some programs have even had them embedded at times.
Once the backdoor or trojan is installed, it broadcasts itself when the target computer logs onto the Internet so the person who wants into your computer knows, and knows he has full access.
In addition to what has already been mentioned, plenty other things can be done with such a program. The CD ROM tray can be opened and closed at random, (a favorite trick to surprise and annoy people) and almost anything else you can do on your computer the hacker can do. Save, copy, delete or modify files, run your printer, run your scanner, PC Cam, change your desktop, format hard drives...almost anything. All that's needed is an open port.
Usually the person is looking for exactly what mjc described. Phone numbers, credit card numbers, bank account numbers. A friend once told me her printer had just started to print by itself, it was a note from someone who had just been into her computer. I told her to change ALL credit card numbers, bank accounts, phone numbers etc IMMEDIATELY...first thing the next morning...She did, but neglected to change her phone number. Big mistake..
Next month she got a bill for $300 in long distance calls from places she had never heard of, much less been to...the following month, after changing the number, she got a bill for another $200 in calls made before the number was changed and after the first bill was sent. One open port...(one side note, Zone Alarm didn't exist at that time, but I had already recommended Black Ice, she didn't listen...didn't think it was a serious threat..."who would want into my computer??? I just surf a bit and use email...")
Yes, somewhere in the vicinity of 65,000 ports. Only a few are normally used.
------------------
If your nose runs and your feet smell...
You're built upside down!
Note: Please post your questions on the forums, not in my email.
Computer Information Links (http://www.dreamwater.com/paleopete/computer.htm) has been moved, please update your bookmarks.
John0904
06-03-2002, 08:52 AM
Thank you all for the explanation.
My initial thoughts about ports were that a virus had to be introduced first before an attacker could use them.
I run ZoneAlarm Pro with a Gateway, so I'm pretty safe.
I have more of an understanding about ports now.
Paleo Pete
06-04-2002, 08:56 PM
Hackers don't use viruses, they use trojans, also called backdoor programs. Maybe I didn't make that part clear...a virus is a malicious file that acts completely on its own, no human intervention necessary. Usually a virus won't have a thing to do with hackers, it's just an executable file designed to do things that cause trouble. Most require that you open the file they are attached to before they can install and do their dirty work. Once they do it, hackers don't want anywhere close, they would be infected too.
Trojans or backdoors are programs that do allow remote access by hackers. They also act on their own, but only to broadcast a notice that the computer is available, the hacker does the rest.
Anubis
06-05-2002, 01:16 AM
Something else that can be done with a box connected to the internet unguarded is a DoS attack. The fruitcake will take control of several boxes and use them to send large pings to specific websites, making the hijacked box an accomplice to the crime.
------------------
I can feel the wheel, but I can't steer
When my thoughts become my biggest fear
Ah, what's the difference, I'll die
In this sick world of mine
John0904
06-05-2002, 11:50 AM
You're right, Pete. I used virus in the wrong context.
But couldn't a virus contain a trojan?
All in all, I wasn't too worried about viruses or trojans. I never download programs from sites that are questionable. My ISP blocks certain types of programs from email as well. (Unless they are zipped. Even then, I know what to look for.)
What I was wondering more about is open ports and how they can be accessed from the outside. Once the system is compromised, then a trojan can be placed for easier access for the attacker. (Unless a trojan is downloaded and executed making it easier for the attacker to compromise the system.)
What started me thinking of this was because I sometimes use an Internet file sharing program. I find it easier to shutdown ZA and configure my gateway to host DMZ. Which basically leaves all my ports open.
From my recent readings, it is better to have ports open that are intended to be used, rather than all of them waiting to be used.
Luckily for me, I learned my lesson the easy way rather than the hard way.
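Added example, not part of any post in this thread: a small Python audit of the point above about opening only the ports that are meant to be used. It parses `netstat -an` output (the sample is constructed) and separates listeners on an allowlist from unexpected ones; the function names and the allowlist (TCP 6699 from the WinMX setting mentioned in the thread, plus an assumed UDP 6257) are assumptions.

```python
"""Audit listening sockets against a list of ports that are meant to be open."""
import re

# Constructed sample in the layout printed by Windows `netstat -an`.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:6699           0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1029         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1042      203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:6257           *:*
  UDP    192.168.1.10:137       *:*
"""

LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def listeners(netstat_text):
    """Return (proto, address, port) for every socket waiting for inbound traffic."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue
        proto, addr, port, _foreign, state = m.groups()
        # TCP waits for connections only in LISTENING; a bound UDP socket has no state.
        if (proto == "TCP" and state == "LISTENING") or (proto == "UDP" and state is None):
            found.append((proto, addr, int(port)))
    return found


def audit(netstat_text, intended):
    """Split reachable listeners into intended and unexpected; loopback is local-only."""
    report = {"intended": [], "unexpected": [], "local_only": []}
    for proto, addr, port in listeners(netstat_text):
        if addr.startswith("127."):
            report["local_only"].append((proto, port))
        elif (proto, port) in intended:
            report["intended"].append((proto, port))
        else:
            report["unexpected"].append((proto, port))
    return report


if __name__ == "__main__":
    # Assumed allowlist: TCP 6699 is named in the thread; UDP 6257 is an assumption.
    for kind, items in audit(SAMPLE_NETSTAT, {("TCP", 6699), ("UDP", 6257)}).items():
        print(kind, items)
```

Anything reported as unexpected is a service answering on the network that nobody asked for, which is the first thing to close or filter at the gateway.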
sea69
06-05-2002, 04:34 PM
hi,
you absolutely want ZA running when using 'file sharing apps'...
------------------
sea1_69@hotmail.com
homepage (http://www.seanweb1.homestead.com/index.html)
Paleo Pete
06-05-2002, 09:45 PM
"But couldn't a virus contain a trojan?"
Absolubably.
I think at least one already has included a trojan in its payload, but can't remember for sure which one. But as I mentioned earlier, that wouldn't be a healthy proposition for the person who wishes to gain unauthorized remote access to a computer, it would be too easy for the virus to transmit itself back to the hacker. I don't think many would want that possibility to worry about...
Then again, it could also make life unpleasant for unsuspecting hackers who suddenly find the infected computer broadcasting its availability...
John0904
06-05-2002, 10:32 PM
"you absolutely want ZA running when using 'file sharing apps'..."
Unfortunately, if everyone did that, file sharing programs wouldn't be able to function at all as they couldn't access the computer needed to retrieve a file.
But I was able to configure my Gateway to allow the needed ports open and no others. Once I am done, I restart ZA which closes those ports again.
sea69
06-05-2002, 10:39 PM
I don't know which version of ZA you have but I run the latest ZA Pro and have no problems uploading or downloading in P2P applications.
People seem to have no difficulty retrieving the files I have shared.
Any firewall worth anything will allow you to configure which applications are granted access to the 'Net, and any P2P app worth owning should allow you the computer owner to configure which ports/directories/files are allowed access.
------------------
mjc
John0904
06-06-2002, 08:46 AM
sea69,
I have ZoneAlarm Pro as well. I checked out the settings again and found that I am able to allow incoming and outgoing UDP/TCP ports in the Internet Zone Security.
I plugged in the needed ports (both incoming and outgoing just in case) and it didn't work for me.
How do you have your ZA configured for file sharing programs?
Any suggestions will be helpful.
Thank you.
sea69
06-06-2002, 10:35 AM
In the ZA Control Panel, click "Program Control" >>
Main TAB set to "High" >> Auto Lock - your preference. Then click "Advanced" >> Access Permissions TAB - set all to "Always ask"; in "Alerts & Functions" TAB - check all. Apply. Click OK.
>> Programs TAB >> click whichever application you want to give privileges to >> give them all green checks, and in the "Privacy" column, be sure it is set to "Off".
If this doesn't work (to your satisfaction), go again to the Program Control main screen and at the bottom, see "Program Wizard" - you can use this to reset/reconfigure all your settings.
Also, you could try removing the application you want to give access to completely from ZA, and then the next time it tries to connect, give it rights and click "yes" to always do so.
John0904
06-06-2002, 12:26 PM
Well, I was able to share files with ZA. This is how I was able to do it.
I started from scratch and I refreshed my TrueVector database files.
Which basically means, everything is back to default settings and I lost all my programs that I had granted permission.
I went to Firewall > Main tab > Custom > Allowed incoming UDP and TCP and added the needed ports to the Internet Zone.
I started up my program, gave it permission to act as a server and all was good.
Except, my computer was bogging down big time. So...I disallowed incoming UDP and TCP from ZA again and I’m back to closing ZA when I need to run WinMX.
Would have been nice to have ZA working with it though.
But I’m not totally unsafe. I still have the gateway preventing incoming traffic except for the ports needed.
Thanks for the suggestion though, Sea69. I don’t think ZA and WinMX were meant to play together.
sea69
06-06-2002, 12:34 PM
you know, you could be correct on winMX- I just shared 356Mgbs of good stuff and I have not one upload going!
I will be researching this further.
sea69
06-06-2002, 12:55 PM
Under network settings, on "Outgoing Connections", I have it at "Connect Directly".
On "Incoming TCP connections and UDP Packets", I have changed it to: listen on port 6699 for incoming TCP connections.
(I had it at "Unable to accept incoming connections....")
Host Name Resolution set to "Use local OS to resolve..."
Also - had you updated to 3.1?
John0904
06-06-2002, 12:58 PM
Yes. I am running v3.1
You?
sea69
06-06-2002, 01:05 PM
still running v2.6!
have downloaded but not installed 'upgrade'
you like it any better??
John0904
06-06-2002, 01:10 PM
Yeah. It can download the same file from multiple users which speeds up the download a lot quicker.
I haven't had any issues with it so far.
If you like, you can email me your user name and I can add it to my hotlist. Then we can try to figure out the best way to get ZA and WinMX working together. If you no longer have my email, I still have yours.
Btw, I have 1GB of shared files.